DoS Vulnerability in Asterisk

The makers of Asterisk, the Open Source phone system, have removed a bug that allowed denial of service attacks under certain circumstances.

The vulnerability affected the SIP channel driver, more specifically the "BYE with Also" transfer method. A faulty null-pointer dereference could be exploited to crash the application using a carefully crafted BYE message. The attack needed an existing connection.